From cb989708b7c1daf11e10dc5583fe5e788ae58da3 Mon Sep 17 00:00:00 2001
From: Daniel Markstedt <daniel@mindani.net>
Date: Wed, 1 May 2024 10:42:41 +0900
Subject: [PATCH] afppasswd: Check for valid password length, GitHub #931

---
 bin/afppasswd/afppasswd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bin/afppasswd/afppasswd.c b/bin/afppasswd/afppasswd.c
index 95038634a14..174d4d00a68 100644
--- a/bin/afppasswd/afppasswd.c
+++ b/bin/afppasswd/afppasswd.c
@@ -175,6 +175,11 @@ static int update_passwd(const char *path, const char *name, int flags)
 
   /* new password */
   passwd = getpass("Enter NEW AFP password: ");
+  if (strlen(passwd) > 8) {
+    fprintf(stderr, "afppasswd: max password length is 8.\n");
+    err = -1;
+    goto update_done;
+  }
   memcpy(password, passwd, sizeof(password));
   password[PASSWDLEN] = '\0';
 #ifdef USE_CRACKLIB